Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-59326

Don't use password field for shared secrets

XMLWordPrintable

    • Icon: Improvement Improvement
    • Resolution: Fixed
    • Icon: Minor Minor
    • 3.7
    • 3.4, 3.5.5, 3.6.3
    • Forms Library
    • MOODLE_34_STABLE, MOODLE_35_STABLE, MOODLE_36_STABLE
    • MOODLE_37_STABLE
    • Hide
      1. Create a new WebDAV repository instance
      2. Confirm the WebDAV server password field is a passwordunmask field type
      3. Create a new MongoDB cache store instance
      4. Confirm the Password field is a passwordunmask field type
      Show
      Create a new WebDAV repository instance Confirm the WebDAV server password field is a passwordunmask field type Create a new MongoDB cache store instance Confirm the Password field is a passwordunmask field type

      Following from MDL-57021 there are still 2 cases where we use a password form for shared secrets. This is what the "passwordunmask" field is for, and using this field will prevent password managers from auto-filling these fields with passwords from the users password list and accidentally overwriting the value.

      cache/stores/mongodb/addinstanceform.php

      repository/webdav/lib.php

       

            pholden Paul Holden
            damyon Damyon Wiese
            Jake Dallimore Jake Dallimore
            David Monllaó David Monllaó
            Anna Carissa Sadia Anna Carissa Sadia
            Votes:
            1 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved:

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 30 minutes
                30m

                  Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.